Fuzz introspector: c/tests/fuzz/fuzz-sniff-header.c
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
357 445 17 :

['pni_consumer_readv32.2020', 'pn_free', 'pn_string_get', 'pn_string_buffer', 'pn_amqp_decode_DqEse', 'pn_string_size', 'pn_amqp_decode_DqERe', 'pnx_sasl_set_desired_state', 'pni_sasl_impl_process_mechanisms', 'consume_array', 'pn_string', 'pni_sasl_client_included_mech', 'pn_string_addf', 'pni_sasl_impl_init_client', 'pni_consumer_readv8.2021', 'make_consumer_from_bytes.2022', 'pn_string_setn']

357 445 pn_do_mechanisms call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:929
283 283 1 :

['pn_amqp_encode_DLESIoBBQDLESIsIoCQsCnCCeDLECennIe']

283 603 pni_process_link_setup call site: 00000 /src/qpid-proton/c/src/core/transport.c:2020
263 275 6 :

['pn_strndup', 'pni_sasl_impl_process_init', 'pnx_sasl_error', 'pni_sasl_server_included_mech', 'pnx_sasl_set_desired_state', 'pn_amqp_decode_DqEsze']

263 275 pn_do_init call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:897
179 838 8 :

['pn_condition_get_description', 'pni_unmap_local_channel', 'pn_condition_info', 'pn_condition_get_name', 'pn_framing_send_amqp', 'pn_amqp_encode_DLEQDLEsSCee', 'pni_pointful_buffering', 'pn_condition_is_set']

179 844 pni_process_ssn_teardown call site: 00000 /src/qpid-proton/c/src/core/transport.c:2462
164 164 3 :

['pnx_sasl_set_desired_state', 'pni_sasl_impl_process_outcome', 'pn_amqp_decode_DqEBze']

164 164 pn_do_outcome call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:1039
101 412 2 :

['pn_amqp_encode_DLESe', 'pn_framing_send_amqp']

101 1005 pn_error_amqp call site: 00000 /src/qpid-proton/c/src/core/transport.c:2554
62 62 2 :

['pn_amqp_decode_DqEze', 'pni_sasl_impl_process_challenge']

62 62 pn_do_challenge call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:997
62 62 2 :

['pn_amqp_decode_DqEze', 'pni_sasl_impl_process_response']

62 62 pn_do_response call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:1018
43 43 4 :

['free', 'X509_free', 'ssl_log', 'release_ssl_socket']

43 43 pn_ssl_free call site: 00000 /src/qpid-proton/c/src/ssl/openssl.c:954
5 5 1 :

['pni_emitter_writef64']

5 10 emit_descriptor call site: 00000 /src/qpid-proton/c/src/core/emitters.h:249
0 621 2 :

['pn_error_amqp', 'pn_dispatcher_output']

0 621 pn_output_write_amqp_header call site: 00000 /src/qpid-proton/c/src/core/transport.c:2670
0 560 1 :

['pn_connection_driver_destroy']

0 560 pn_connection_driver_init call site: 00000 /src/qpid-proton/c/src/core/connection_driver.c:56

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 pni_sniff_header [function] [call site] 00001